bitwarden_rs 不支持 traefik v2.2(坏网关)

bitwarden_rs not working behind traefik v2.2 (Bad Gateway)

所以我正在尝试将 bitwarden_rs 添加到我的 docker 网络,但似乎很难成功。

我在 traefik (nextcloud.mydomain.com) 后面还有一个 nextcloud docker 容器 运行,它运行良好。但是将带有自己子域(bitwarden.mydomain.com)的bitwarden添加到traefik并不想开始工作。我总是收到 Bad Gateway 错误。

Traefik docker-compose

version: "3"

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    command:
      - --log.level=DEBUG
      - --api.insecure
      - --api.dashboard
      - --providers.file.directory=/FileProvider/
      - --providers.file.watch=true
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --providers.docker.endpoint=unix:///var/run/docker.sock 
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencryptresolver.acme.email=my@email.com
      - --certificatesresolvers.letsencryptresolver.acme.storage=./letsencrypt/acme.json
      - --certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.letsencryptresolver.acme.httpchallenge=true
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - ...
    networks:
      - local-lan
    labels:
      - --traefik.http.middlewares.https.redirectscheme.scheme=https
      - --traefik.http.routers.https_redirect.middlewares=https
      - --traefik.http.routers.https_redirect.rule=(Host(`bitwarden.mydomain.com`) || Host(`nextcloud.mydomain.com`))
      - --traefik.http.routers.https_redirect.entrypoints=web
      - --traefik.docker.network=local-lan

networks:
  local-lan:
      external: true

traefik 动态配置

middlewares:
  ncHeader:
    headers:
      customResponseHeaders:
        stsPreload: true
        stsSeconds: 15552000
  redirect:
    redirectScheme:
      scheme: https

bitwarden_rs docker-撰写

version: '3'

services:
  bitwarden:
    image: bitwardenrs/server:latest
    container_name: bitwarden
    restart: always
    volumes:
      - /home/reggi/bitwarden/data:/data
    environment:
      - WEBSOCKET_ENABLED=true
      - WEB_VAULT_ENABLED=true
      - SIGNUPS_ALLOWED=true
      - ADMIN_TOKEN=xxxxxxxxxxx
    ports:
      - 3012:3012
      - 4500:80
    networks:
      - local-lan
    labels:
      - traefik.enable=true
      - traefik.docker.network=local-lan
      - traefik.http.services.bitwarden-ui.loadbalancer.server.port=4500
      - traefik.http.services.bitwarden-ui.loadbalancer.server.scheme=http

      - traefik.http.routers.bitwarden-ui-https.rule=Host(`bitwarden.mydomain.com`)
      - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-ui-https.tls=true
      - traefik.http.routers.bitwarden-ui-https.tls.certresolver=letsencryptresolver
      - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui@docker

      - traefik.http.routers.bitwarden-ui-http.rule=Host(`bitwarden.mydomain.com`)
      - traefik.http.routers.bitwarden-ui-http.entrypoints=web
      - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui@docker

      - traefik.http.routers.bitwarden-websocket-https.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-websocket-https.tls=true
      - traefik.http.routers.bitwarden-websocket-https.tls.certresolver=letsencryptresolver
      - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
      - traefik.http.routers.bitwarden-websocket-http.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
      - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
      - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
      
networks:
 local-lan:
    external: true

两个容器都 运行 使用此配置没问题,但出于某种原因,当我导航到 http(s)://bitwarden.mydomain.com.

时出现错误网关

当我导航到我的服务器时 IP:4500 bitwarden 打开意味着 docker 容器 运行 正常。 在我的 traefik 日志中我可以找到这个错误: time="2021-03-10T21:06:35Z" level=debug msg="'502 Bad Gateway' caused by: dial tcp 17.32.0.8:4500: connect: connection refused"

当我从 traefik 容器对 bitwarden 容器进行简单的卷曲时,我得到了同样的错误: curl --verbose http://17.32.0.8:4500

例如,curl 到我的 nextcloud 容器确实有效:

我已经尝试了很多东西,但似乎无法弄明白。对于 nextcloud,我可以添加一个受信任的代理域,但如果我没记错的话,bitwarden_rs 似乎不可能。

有人知道我遗漏了什么或做错了什么吗?

经过进一步调查,我发现了我的错误。

我不需要将端口 80 映射到您的 docker 网络之外,我只需要公开它。所以这现在有效:

version: '3'

services:
  bitwarden:
    image: bitwardenrs/server:latest
    container_name: bitwarden
    restart: always
    volumes:
      - /home/reggi/bitwarden/data:/data
    environment:
      - WEBSOCKET_ENABLED=true
      - WEB_VAULT_ENABLED=true
      - SIGNUPS_ALLOWED=true
      - ADMIN_TOKEN=xxxxxxxxxxx
    expose:
      - 3012
      - 80
    networks:
      - local-lan
    labels:
      - traefik.enable=true
      - traefik.docker.network=local-lan
      - traefik.http.services.bitwarden-ui.loadbalancer.server.port=4500
      - traefik.http.services.bitwarden-ui.loadbalancer.server.scheme=http

      - traefik.http.routers.bitwarden-ui-https.rule=Host(`bitwarden.mydomain.com`)
      - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-ui-https.tls=true
      - traefik.http.routers.bitwarden-ui-https.tls.certresolver=letsencryptresolver
      - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui@docker

      - traefik.http.routers.bitwarden-ui-http.rule=Host(`bitwarden.mydomain.com`)
      - traefik.http.routers.bitwarden-ui-http.entrypoints=web
      - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui@docker

      - traefik.http.routers.bitwarden-websocket-https.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-websocket-https.tls=true
      - traefik.http.routers.bitwarden-websocket-https.tls.certresolver=letsencryptresolver
      - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
      - traefik.http.routers.bitwarden-websocket-http.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
      - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
      - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
      
networks:
 local-lan:
    external: true